The campaign against data protection violations in AdTech real-time bidding (RTB) systems is growing.
In September 2018 Open Rights Group Executive Director Jim Killock joined Dr. Johnny Ryan of Brave and Michael Veale of University College London to file complaints to European data protection authorities against Google and IAB Europe for General Data Protection Regulation (GDPR) violations in their RTB AdTech systems.
Whenever a targeted ad is served to an Internet user, this is the result of their personal data being shared and bidded out to potentially hundreds of companies. That data can include a user’s location, browsing habits and other intimate details. The “bid request” process does not protect against unauthorised access to personal data, which is a violation of GDPR rules.
In just a few short months AdTech complaints have rapidly grown in size and impact with no signs of slowing down. So far this year complaints have been filed across in Netherlands, Spain, Luxembourg, Belgium, Bulgaria, Czech Republic, Estonia, France, Germany, Hungary, Italy and Slovenia. The Irish Data Protection Commission (DPC) also opened a formal inquiry into Google’s Ad Exchange.
In a serious wake up call to the targeted advertising industry, on 20 June 2019 the Information Commissioner’s Office (ICO) agreed with complaints by Open Rights Group and Dr. Michael Veale that adTech real-time bidding systems give individuals “no guarantees about the security of their personal data”.
In January 2020 the Information Commissioner’s Office (ICO) announced they were taking minimal steps to enforce the law against massive data breaches taking place in the online ad industry (AdTech). Threatening legal action, ORG Executive Director Jim Killock said, "Last year the ICO gave a deadline for an industry response to our complaints. Now the ICO is falling into the trap set by industry, of accepting incremental but minimal changes that fail to deliver individuals the control of their personal data that they are legally entitled to.”
ORG hosted a roundtable discussion at the annual Computer Privacy and Data Protection (CPDP) conference in Brussels in January 2020 asking whether privacy friendly ethical alternatives to mainstream advertising technology (AdTech), which targets Internet users using their personal data, can work and generate revenue for online publishers.
Watch this space to learn how you can help as the fight against unjust digital advertising practices grows.